dChan
Anonymous ID: b8104c Q pseudonym's reputation May 15, 2018, 7:48 a.m. No.1419006   🗄️.is 🔗kun   >>9025 >>9027 >>9116 >>9138 >>9150 >>9211 >>9299 >>9317 >>9398

I'm puzzled by Q's lack of action to build rep for his pseudonym and validate important messages given his (we believe) military intelligence background. I doubt if any such person is clueless about cryptographic techniques, so the following issues bug me:

 

1) we knew back in the early 90's about pseudonym reputation building by using a PGP key as the anchor. Q needed to publish a public key on the first message (or later, even now, on a significant predictive message). Then mods (and autists who cared to learn how to do it) could confirm the identity of the pseudonym behind any signed message. That key builds Q rep with time, and there's no question about the source of any message (perhaps on request to Q for a signed version). Autists would clamor to learn how to validate!

 

2) We've known about cryptographic commitments since (I think) the 70's. The simplest way is to cryptographically hash a message and post the hash. When the actual message can be posted anyone can confirm that you knew the message content at the time the hash was posted (by hashing the message and confirming it's the same as the previously posted hash).

 

These techniques are fairly simple to do and simple to validate, so why didn't he do it (or something like it)? Passwords for trip codes are inherently unreliable coz they pass over the network and get processed on unreliable systems. Key signing doesn't expose anything in that way (the signing key stays on your computer only).

 

So … what's up?

Anonymous ID: b8104c May 15, 2018, 8:20 a.m. No.1419278   🗄️.is 🔗kun   >>9314

>>1419213

Fair point. But we're talking about a pseudonym here. Why would you try to maintain it's continuity using (say) trip codes but not use a more secure and reliable way?

Anonymous ID: b8104c May 15, 2018, 8:43 a.m. No.1419449   🗄️.is 🔗kun

>>1419214

>>>1419079

 

>>quantum computers aren't yet good enough for a decent size key.

>Bullshit, that's dogmatic trash implying to crack a cryptosystem the cryptosystem itself must be attacked. Do you think InQTel purchased DWave because it doesn't work? If you're the CIA wouldn't you tell the public your QC didn't work so well?

 

Such a mishmash of partially understood info.

a) once you have a secure key, the signatures can't be messed wit, You're suggesting workarounds like your computer being compromised etc. Of course that can happen but if so, you've got other problems.

b) dwave is barely using quantum computing (if at all). Anyway, dwave is a simulated annealing optimization thingy. It can't handle problems like factorization.

 

>>PGP isn't secure

>https://www.sans.org/reading-room/whitepapers/vpns/attacks-pgp-users-perspective-1092

>Take your pick, then put international state actor money behind it and let me know where your threat model gets you in regards to trusting PGP.

 

Workarounds again. Yet PGP itself remains secure.

 

> Also, normies don't know how to validate keys and that raises the bar to entry considerably, probably enough that the viral potential of Q's existence would be severely hampered.

 

Read my OP. I think autists would jump on this. And mods need to understand anyway.

One published verification and others would learn how real quick.

 

>>inb4 you attempt to pass dogmatic garbage as hard fact

 

Umm. It's science …

 

>>inb4 you attempt to claim cracking PGP itself is the only way to break PGP

 

I never said that. Yet it's still a very useful tool. Way better than trip codes for example.

 

>Moore's law has been absolutely crushed, there's been an exponential increase in processing power, the limited nature of CPU's and GPU's energy consumption being the hard limits on searching cryptographic space are no longer viable means of securing information.

 

Rubbish. The keys needed to be (and were) lengthened along with the computer power. Fortunately the scaling involved there works to the crypto's benefit. One bit more in the key length makes the space to be searched double.

 

>Lets say they don't have a QC and you're the 1337est faggot on the internet:

 

>>You're still using comped hardware.

 

>>You're still not operating in a Hammer proof SCIF.

 

>>Your hardware is still profileable ergo you don't have to search the entire cryptographic space

 

>>Your operating system is still full of 0days.

 

>>You don't have the resources of international actors so you can't assume you're home rolled level of sophistication is beyond their understanding or abilities to exploit.

 

>So you operate from a standpoint of knowing your shits fucked instead, and that means not using publicly available crypto who's validity is backed by not only the media monster but comped organizations like NIST and educational institutions. Especially when backing the Cabal into a corner where they just might have to pull out all the stops.

 

All true. But we ARE talking about a military intelligence guy here, right? His shit is pretty good.

And the loss is low anyway. Just a pseudonym trashed in the worst case.

 

>Lets say they do have a QC(InQTel, IBM, Rand)

 

>>They still have everything above.

 

>>They also have a Quantum Computer.

 

>Either way, the cryptosystem in and of itself is not enough.

 

Agreed. There has to be verifiable content in addition.

Anonymous ID: b8104c May 15, 2018, 9:03 a.m. No.1419706   🗄️.is 🔗kun

>>1419317

First sensible answer.

I can't disagree.

OTOH, I can say that keeping his nym totally under his control allows him to change, misdirect etc. as HE wants. Not reliant on boards etc.

I'm not gonna debate more in this direction, coz I don't know what's in his head.